PreparedStatement posted = con.prepareStatement(
"INSERT INTO userdate (description, UUID) VALUES ('"+ desc + "','" + postuuid + "') ON DUPLICATE KEY UPDATE");
this is the error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''
this is the code I have, does anyone know waht might be wrong with this?
Check on MySQL docs for reference on DUPLICATE KEY UPDATE https://dev.mysql.com/doc/refman/8.0/en/insert-on-duplicate.html
The keyword "UPDATE" is not the absolute end of the statement. You need to specify the fields/values that will be updated
Related
I was trying to add details to table but it showing some SQL error
Query is:
t=st1.executeUpdate("insert into stdetails(regno,nam,cid,gender,HouseName,place,guardian,phone,photo,did,Emailid,sem) values("+ reg+",'"+ n +"',"+ c +",'"+g+"','"+ h+"','"+p+"','"+ guar +"','"+ph+"','"+pic+"',"+d+",'"+e+"',"+s+"");
Error is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Your are missing the parentheses ) in the end of your query so it should look like :
t = st1.executeUpdate("...." + s + ")");
//----------------------------------^---
BUT
Instead of using this way, this can cause a syntax error like your case, and can cause an Sql Injection you have to use PreparedStatement.
there is error in your mysql syntax
String query="insert into stdetails (regno,nam,gender) values(?,?,?)";
PreparedStatement preparedStmt2 = con.prepareStatement(query);
preparedStmt2.setInt (1," ");
preparedStmt2.setString (2," ");
preparedStmt2.setString(3, " ");
preparedStmt2.execute();
like this you can add more columns also
The following exception is thrown when ever I execute the following query
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '-name, cpy-address, cpy-contact) VALUES('nauman','ahmad18',12)' at line 1
Query which is causing exception
String query="insert into company(cpy-name, cpy-address, cpy-contact)VALUES(?,?,?)";
Connection con=DataAccessLayer.getConnection();
PreparedStatement stat=con.prepareStatement(query);
stat.setString(1, cname);
stat.setString(2, caddress);
stat.setInt(3,x );
int rowsAffected = stat.executeUpdate();
You cannot use - in SQL queries. Escape the column names using ` back quote or back tick characters.
insert into company(`cpy-name`, `cpy-address`, `cpy-contact`)VALUES(?,?,?)
On another note, if the database is in your control, change to column names to use '_' rather '-'. Having illegal characters and quoting them is not a good practice.
Hope this helps!
As #uday said you should change column name or use
" ` "
You can't use dash - symbol in SQL query in case of column name so that rename your column name or use Escape ` both side of column name and table name.
So I am using SQL with phpMyAdmin. Now I want to make an update to my database with a prepared statement but doind it gives me the following error:
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'autor='Lol' WHERE id=44' at line 1
And this is how my statement looks like:
command = connection.prepareStatement("UPDATE books SET name=? author=? WHERE id=?");
command.setString(1, name.getText());
command.setString(2, author.getText());
command.setInt(3, IDx);
command.execute();
Wat is wrong with the statement I have made? It should be working In my opinion.
You need to separate the updated fields in a comma like:
command = connection.prepareStatement("UPDATE books SET name=?, author=? WHERE id=?");
You forgot a comma before author
UPDATE books
SET name = ?, author = ?
WHERE id = ?
For some reason when my java code attempts to execute a query that is using a variable I receive a syntax error.
String query = "SELECT userName, email, address FROM users,requests"
+ "WHERE requestingUser = userID AND rideID = ?";
ps = connection.prepareStatement(query);
ps.setInt(1, rideID);
results = ps.executeQuery()
This code produces the following MySQL error:
"You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near '= userID AND rideID = 34' at
line 1"
I have tried this both with and without using PreparedStatments, and I only receive an error for those queries for which I pass in a variable. Simple queries like "SELECT field FROM table" work fine. I feel like I am going insane, I appreciate any help I can get.
You are missing a space between requests and WHERE
I have problems running this sql statement. It works fine if I run it in mysql but in java I get this error:
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '' at line 1
The database has an id(pk) autogenerated, varchar, int, varchar;
Can someone help me?
int i = statement.executeUpdate("INSERT INTO sala values('','"+ nume.getText() + "', "+ Integer.parseInt(capacitate.getText())+ ", '" + sunet.getText()+"'");
Don't just try to fix this code by tweaking the SQL as per adarshr's answer. You have a fundamental security problem here which you should fix right now. You're open to SQL injection attacks due to including user data directly in your SQL.
You should use a PreparedStatement, with the parameters declared as placeholders in the SQL, but then given values separately. Exactly how you'll do that will depend on your JDBC provider, but it'll look something like this:
// TODO: Fix the column names, and close the statement in a try/finally block
PreparedStatement pst = conn.prepareStatement(
"INSERT INTO sala (nume, capacitate, sunet) VALUES (?, ?, ?)");
pst.setString(1, nume.getText());
pst.setInt(2, Integer.parseInt(capacitate.getText()));
pst.setString(3, sunet.getText());
pst.executeUpdate();
Note that if you can get capacite in a way which doesn't require integer parsing, that would be good. Otherwise, consider using NumberFormat which is more locale-friendly. Also note that I've added the column names into the SQL to make this more robust in the face of schema changes.
You haven't closed your query.
int i = statement.executeUpdate("INSERT INTO sala values('','"+ nume.getText() + "', "+ Integer.parseInt(capacitate.getText())+ ", '" + sunet.getText()+"')");
^
But more than all this, you must use PreparedStatement as Jon suggested below.